Diffstat (limited to 'doc')
-rw-r--r-- | doc/Makefile.am | 2 | ||||
-rw-r--r-- | doc/gpg.texi | 15 | ||||
-rw-r--r-- | doc/tools.texi | 73 |
3 files changed, 16 insertions, 74 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am index 6e0bc1549..5449d07a9 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -84,7 +84,7 @@ watchgnupg_SOURCE = gnupg.texi CLEANFILES = yat2m mkdefsinc defs.inc DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ - $(myman_pages) gpg-zip.1 gpgkey2ssh.1 gnupg.7 + $(myman_pages) gpg-zip.1 gnupg.7 yat2m: yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c diff --git a/doc/gpg.texi b/doc/gpg.texi index d6ae5796d..5510d5724 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -396,6 +396,21 @@ GnuPG may ask you to enter the passphrase for the key. This is required because the internal protection method of the secret key is different from the one specified by the OpenPGP protocol. +@item --export-ssh-key +@opindex export-ssh-key +This command is used to export a key in the OpenSSH public key format. +It requires the specification of one key by the usual means and +exports the latest valid subkey which has an authentication capability +to STDOUT or to the file given with option @option{--output}. That +output can directly be added to ssh's @file{authorized_key} file. + +By specifying the key to export using a key ID or a fingerprint +suffixed with an exclamation mark (!), a specific subkey or the +primary key can be exported. This does not even require that the key +has the authentication capability flag set. To view the capability +flags of a key use @code{--list-options show-usage} along with a key +listing command. + @item --import @itemx --fast-import @opindex import diff --git a/doc/tools.texi b/doc/tools.texi index 633502ed6..425790e9d 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -21,7 +21,6 @@ GnuPG comes with a couple of smaller tools: * gpgparsemail:: Parse a mail message into an annotated format * symcryptrun:: Call a simple symmetric encryption tool. * gpg-zip:: Encrypt or sign files into an archive. -* gpgkey2ssh:: Emit GPG public keys in OpenSSH format. @end menu @c 
@@ -1894,75 +1893,3 @@ gpg-zip --list-archive test1 @command{tar}(1), @end ifset @include see-also-note.texi - - -@c -@c GPGKEY2SSH -@c -@manpage gpgkey2ssh.1 -@node gpgkey2ssh -@section Emit GPG public keys in OpenSSH format -@ifset manverb -.B gpgkey2ssh \- Emit GPG public keys in OpenSSH format -@end ifset - -@mansect synopsis -@ifset manverb -.B gpgkey2ssh -.I keyid -@end ifset - -@mansect description -This tool is deprecated and will be removed soon. - -@command{gpgkey2ssh} emits the public key of an OpenPGP RSA or DSA key -in a format readable by OpenSSH clients and servers. - -It takes only a single argument, a key ID, which designates the -primary key or subkey whose public key should be converted. - -The key ID should use upper-case (A-F, not a-f) for all hex digits -greater than 9, and the key in question must be present in -@code{gpg}'s public keyring. - -The output of a successful run can be used verbatim as an entry in an -@code{authorized_keys} file for @code{sshd}, or can be prefixed with a -host name and appended to a @code{known_hosts} file for @code{ssh}. - -@mansect return value - -The program returns 0 if the key was successfully converted and -non-zero if there was an error (e.g., if the key ID was malformed, the -key was not present in the public keyring, or if the key is not an RSA -or DSA key). - -@mansect environment -@subsection Environment - -@table @asis - -@item HOME -Used to locate the default home directory. - -@item GNUPGHOME -If set directory used instead of "~/.gnupg". - -@end table - -@mansect files -@subsection FILES - -@table @asis - -@item gpg2 -The command used to search the user's keyring. - -@end table - -@mansect see also -@ifset isman -@command{gpg2}(1), -@command{sshd}(8), -@command{ssh}(1) -@end ifset -@include see-also-note.texi |